The kernel issues are also worth noting (the report notes that one was discovered in April 2009), but more worrisome are vulnerabilities in Safari. The browser has been shown time and again to be a weak link in OS X's security chain. Debates rage on about whether Macs are attacked less because of their minority share or because they are less vulnerable, but that doesn't make any attack on the platform less troublesome.
Most important of all, though, is the user at the keyboard. Mac users are no less vulnerable to social engineering -- and no less apt to download pirated software that turns out to be loaded with Trojans -- than those using other platforms.
A false sense of security is a bad habit to cultivate, especially if Mac adoption continues to climb. What's crucial is that users not assume that simply changing platforms is by itself a defense mechanism. It can stave off some obvious problems, but it won't eliminate all of them for all time.
To that end, Mac users need to keep apps updated (not too hard by itself), but also stay conscious of their security as a platform-neutral issue. Rip-off artists are loyal to no OS, and a bug in Safari can be just as problematic as a bug in IE. (The same goes for Linux as well: A scam run past someone using Firefox in Ubuntu is still a scam by any other name.)
Users should also stay informed about threats in the wild that might not seem like any of their concern at first. Malware is not just becoming more aggressive, it's jumping platforms and diversifying across them, targeting the user rather than the platform. Consider the Firefox XUL hijack described earlier: that was an attack that could be staged on multiple editions of Firefox, since the files attacked were not platform-specific.
And Mac users should avoid pirated software, for security (as well as ethical) reasons. The threat from such things may be marginal now, but that doesn't mean it'll always be that way.
(For some additional tips, you might want to check out this article: 15 easy fixes for Mac security risks.)
We sometimes forget that there are Apple products on the Windows PC -- and those need to be regarded with the same sort of scrutiny as any other application. A big part of the concern is, again, ubiquity: Many PCs have QuickTime or iTunes installed, and most of us don't think of those things as potential security holes. However, various exploits have been documented in both the Mac and PC versions of QuickTime.
Two examples: In 2007, a nasty buffer overflow exploit affected just about every extant version of QuickTime in both Windows and Mac machines. And another bug was found in 2008 with similar properties. (Want more examples? Search US-CERT using the keyword "QuickTime" to see many more such exploits.)
Apple does have an automatic updater for its software in Windows, so PC users should keep QuickTime updated. Also, keep the number of file types associated with QuickTime itself to a minimum -- most people just use it to play QuickTime files and nothing else anyway, so this helps limit the available attack surface.